Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Date: 2021-10-28 19:36:53
Also in:
bpf, lkml
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Date: 2021-10-28 19:36:53
Also in:
bpf, lkml
On 28.10.2021 07:34, Greg KH wrote:
On Wed, Oct 27, 2021 at 06:35:44PM -0700, Pawan Gupta wrote:quoted
Disabling unprivileged BPF would help prevent unprivileged users from creating the conditions required for potential speculative execution side-channel attacks on affected hardware. A deep dive on such attacks and mitigation is available here [1]. If an architecture selects CONFIG_CPU_SPECTRE, disable unprivileged BPF by default. An admin can enable this at runtime, if necessary. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> [1] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdfThis should go above the signed-off-by line, in the changelog text, not below it, otherwise our tools get confused when trying to apply it.
Thanks, I will fix it.